Sysaid – CWE-434: Unrestricted Upload of File with Dangerous Type - 

A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.Read More